As if any browser was capable of using more than one core to render a page. With Chromium or Electrolysis you can have different tabs use more than one core, but there's never any parallelism within a tab. All because of brain-dead design of Javascript.

Because of the "Let the browser take care of my crappy code" mentality, one core could be busy decompressing the insanely-too-large JPEGs so-called "designers" are using, another core is busy wasting cycles to run what should be plain javascript and CSS transitions through half a dozen bloated javascript/HTML libraries/frameworks and another core is busy trying to make any sense whatsoever of the non-valid HTML code because people don't give a damn about matching tag pairs.

The 4th core is alone in the corner, talking with the GPU to render pointless shiny effects for the OS GUI.

Programmers, designers, coders, webmonkeys... we all should be running 5-years-old hardware on 1/4 the connection speeds of the average users. We're the ones making the programs, websites, apps, etc. But no, most of us have the latest hardware, fast connections, etc. That's like letting engineers design roads for their expensive and extremely fast motorcycles. But those roads would be sub-optimal for regular drivers with cars, truckers, etc.

As my monitor, HDTV and receiver are. Once again I'll have to upgrade. The first time was when HDMI came on the scene and I lost a sound system -I have since been given a clue by a/. user that it's possible to use the (Protected) audio output and convert to HDMI.HTML5 Differences from HTML4 http://www.w3.org/TR/html5-dif... [w3.org]

Javascript's eval can be very useful in general, and in fact, the most useful form of it is when you *are* invoking it on dynamically generated code that simply cannot be as concisely expressed in any other way. That's not to say it's impossible, but it can often be a darn sight more convoluted to not use eval in Javascript to get a particular job done than it would be to write it using statically compilable code. Some may argue that this is a flaw in the design of the language itself, but I would person

guess browser manufacturers should restrict document.write to a "meta allow source", it would breaks direct malicious injection(by console), but crafted messages are not in javascript client side scope, so the data must be filtered/sandboxed at server side if belongs to the scope of injection analisys.
at client side there is not much more to do if the client is owned by the attacker.

Just for you, I am posting this with Lynx. Now if I could just get it to go full screen I would be happier.

There is, for Windows users, a bowser called "OffByOne."It is free, as in beer, if you are interested. I do not know of a Linux version for it. I used to play with it back in the day where my ad-removal software was a whole application that needed to be run separately and then one changed the proxy settings to use that application's filtering. Those where the days.

Its funny I was just saying the other day to someone who said now that flash is being mostly canned security should improve.

I said I don't know about that. The massive and rapid expansion of browser features and moving target that is HTML five support where everyone and their brother rushes out extensions is worrisome. I'll be surprised if there are not major exploits in some of that new browser code, especially sandbox escapes via the hardware stuff like webgl and what not. Only now there won't be any simple mitigation like just removing a plugin. You'll have to switch browsers.

The main reasons plug-ins get attacked so much are that (a) they do more than browsers offer natively, notably including hardware interaction as you mentioned, and (b) they provide a big, juicy target.

Expecting that moving those extra functions into the browser itself will somehow result in more secure implementations is optimistic. Every major browser fixes serious security vulnerabilities with updates, including the likes of Chrome and Firefox. They're right there in the release notes for the new version every six weeks, if anyone wants to look. The people and processes and tools used to make these browsers aren't dramatically more effective than the people and processes and tools used to make the popular plug-ins before. And it's often been the case that large, monolithic programs have proven harder to test and secure than a well-designed and well-isolated system of interacting smaller programs.

The argument that browsers will somehow magically become more secure ways of doing the same things comes from the same mindset that says running Linux is the best way to avoid viruses because Windows is a security nightmare. It seemed credible at first, because few people were being successfully attacked while running Linux, but then someone made a Linux system that became popular with regular non-geek types, and today which platform has the fastest growing malware problem? It's probably Android.

Thought experiment : what if Microsoft had done a linux based version of Windows? (ignoring Metro/RT/Windows 10). You sort of have that with Wine. MS would make its own similar implementation, port or create a new graphical stack (no X11), add customizations to the linux kernel, use Windows Update as a "package manager", get Microsoft Internet Explorer to run, get strong and long term driver support from hardware manufacturers, have a sudo that only requires to click "Yes".

For what it's worth, I'm just trying to demonstrate here that absence of evidence is not evidence of absence. The fact that some software has not been widely exploited in the past does not mean that it can't be in the future, but a lot of people seem to argue that way when talking about other software that has been a common target in the past. Worse, they then extrapolate to assume that modified versions of software that hasn't been widely exploited in the past still won't be exploited in the future even if

Are you telling me that with public acceptance of the vulnerability of Flash, malicious coders have turned to the replacement standard to deliver their malware? Why would they do that? That seems unethical. They should learn to stick to the platforms we know are dangerous, so we know how to protect ourselves.

Have you noticed all the new HTML5 pages mostly major commercial sites have switched to, dyanmic loading, embedded crap could have been bypassed with removal of flash etc... HTML5 is just another example of software designed to require faster computers.. Literally 5 tabs in new modern browser/html5 consume the resources of 40 tabs in Opera v10-v12 with legacy hdmi...

Back in the early days of the web, videos were played by the systems player and a download link; DRM basically spawned flash and what we see to

I do not mind it. I am on the beta testing upgrade track and I report bugs to them. I figure I have used their browser long enough.

With HTML5 I think the trend is going to be an inability to easily use add-ons, as they currently work, to block malicious sites. It will be at that point that I revert to using the HOSTS file. Speaking of which, I downloaded your application but completely forgot to install it and get your email so that I could email you. I should have time to get to that today.